This post is more than 5 years old
21 Posts
0
861
March 29th, 2011 08:00
viruschk protocol option
I have been asked up look at upgrading the CAVA version on 8 AV servers... the servers are using McAfee , when I look at the Celerra itself
I noticed that the viruschk protocol is not started on any of the 4 Data_Movers... , I am not familiar with how CAVA works but I am thinking
that the viruschk protocol should be started... am I correct ? and if so, if I start it is there any service disruption for CIFS... ?
Thanks...
No Events found!
nandas
4 Operator
•
1.5K Posts
0
March 29th, 2011 11:00
Nice to see you got the required help - many thanks to Karl.
If you are satisfied, please mark the question as answered choosing appropriate replies as "Correct" and/or "Helpful" answers.
Regards,
Sandip
umichklewis_ac7b91
300 Posts
1
March 29th, 2011 10:00
Your best, first option is to read the Celerra manual, Using Celerra AntiVirus Agent. You can search for it in Powerlink. This will describe the configuration and use of CAVA. You'll want to find the viruschecker.conf file on your datamovers - this file controls how the CAVA service scans files, whether or it will impact the CIFS service on the NAS (i.e., stop CIFS if not CAVA servers respond) and so on. Be sure to read this thoroughly before starting the CAVA service! If you don't understand it, post your viruschecker.conf and we can help explain what will happen when you start the service.
Thanks!
Karl
Blazer87
21 Posts
0
March 29th, 2011 10:00
Ok thanks.... here is the viruschecker.conf :
CIFSserver=10.100.151.220
addr=10.100.150.215:10.100.150.216:10.100.150.217:10.100.150.218:10.100.150.219:10.100.150.220:10.100.150.221:10.100.150.222
excl=.dcb:.dct:.fzy:.idb:.ivt:.key:.layout:.ndx:.pst:.tag:.tex:.tmp:.trk:.zip:pagefile.sys
masks=.
shutdown=viruscheckin
nandas
4 Operator
•
1.5K Posts
1
March 29th, 2011 11:00
Many thanks for marking the question answered - but the credit should go to Karl - request you to kindly choose his answers as Helpful and/or correct.
Thanks again,
Sandip
Blazer87
21 Posts
0
March 29th, 2011 11:00
Thank You very much... this is exactly what I needed to know....
umichklewis_ac7b91
300 Posts
1
March 29th, 2011 11:00
Okay - this looks fairly typical. The first line, CIFSserver= lists the IP address of the CIFS server on your Celerra that was configured to provide CAVA service.
The addr= line lists the IP addresses of your CAVA servers, in your case, there are eight CAVA servers configured.
The excl= field lists the file extensions that won't be scanned by CAVA, used in conjunction with the masks= field.
I'm not sure if the formatting on the forums removed them, but usually, you'll see an * in the file. Most often masks=*.*, excl=*.zip:*.tmp and so on.
The last line, shutdown=viruschecking means that if no CAVA servers can be found, the Celerra will stop checking files with the CAVA service. If this line had read shutdown=cifs, the Celerra would stop the CIFS service, if no CAVA servers are available.
This probably means that you can start the CAVA service without too much trouble. I would highly recommend reading the docs first, then starting the CAVA service outside of business hours. This way, if the CAVA service is not correctly configured on the CAVA servers, you can avoid an outage, but still get a bit of useful information to get the service setup properly. The documents describe how to configure the CAVA service account, how to see if it's a member of the right group and so on. But if all you want is a quick test to see if it will work, try it out after business hours.
You can start the CAVA service with server_setup server_XX -P viruschk -o start and stop it with -o stop.
Let us know if this help!
Karl